Detangling Cybersecurity and Privacy Policy

As the Indian government puts the final touches on the Right to Privacy Bill 2014, which aims at protecting individuals against misuse of data by government or private agencies, there is a strong ongoing debate about the confusion prevailing around cybersecurity and privacy policy issues.

Industry experts believe that the volume of online transactions, the explosion of e-commerce opening up multiple financial gateways and growth in digital infrastructure have resulted in data traversing in all directions. This has only heightened data privacy issues, highlighting the trouble users have establishing the authenticity as well as the privacy of the data that they share.

Leaders argue that security practitioners need to emphasise the importance of cybersecurity and data security, and protect critical information from being leaked or misused, as it could result in huge legal ramifications.

"It is no exaggeration that information security practitioners are going through a tough challenge in protecting customer data privacy, given that there are about 3 to 4 billion customer transactions happening online every month," says Arvind Gupta, Head IT Cell, Bharatiya Janata Party.

"With explosion in data owing to these transactions, it is getting highly impossible to track them, as the data is traversing in multi-directions," Gupta says. "Ensuring that it is protected against misuse is a huge responsibility."

The leaders echo a similar sentiment with regard to the challenges involved in data protection and data privacy. The situation is getting murkier, and digital India is constantly providing them with more data than they can handle.

Data Protection and Privacy Policy Challenges

The panel highlighted that most individuals are ignorant about privacy and data protection laws and regulations, and unaware that a person is entitled to his or her privacy and that other users can have only limited access to information about them.

They highlight that while there have been certain ambiguities and dilemmas around what exactly the privacy and cybersecurity policies and legislation cover, the Centre has been making an effort to resolve the shortcomings and review the clauses.

"There are practical issues with regard to understanding the privacy, data protection and cybersecurity law by citizens at large," explains Prof. M.V. Rajeev Gowda, Member of Parliament, Rajya Sabha. "Even the best and most clued-into security systems often overlook privacy clauses and tend to sign up on every document or software without an iota of skepticism, which is a risky proposition."

Gupta believes that citizens should be informed about how organizations plan to secure, use or exchange their personal data, and that they should be asked for their consent. Unfortunately, due to lack of knowledge, no one is objecting to sharing any information.

"It is all about lack of awareness," Gupta says. "People must know that they can choose to withhold information, and that is what the Right to Privacy legislation under Article 21 of the Constitution says."

Raman Roy, chairman and managing director, Quattro, reiterates the need for a policy framework based on the public debate on the topic. "Government should invite public opinion on the privacy and cybersecurity issues and also around the concept of ethical hacking to create a robust policy framework," he says.

Measures to Tackle Cybersecurity, Privacy and Protection

The leaders claim that privacy and protection rights vary in different contexts and must be balanced against the other rights of citizens. This is in the interest of national security.

"A fine balance between what the consumer wants and what the country needs is most essential, as it would ensure that the policy framework is transparent and guidelines are adhered to," Gupta says.

"This is where the encryption laws come in to protect consumer data. This is sought after by the government for social security reasons," he says. In many countries, there have been concerns around using biometrics. A person's entire personal data is collected by the firms, and no one knows where the data is going or how it is being used.

They say the question of who owns the data most often goes unanswered. Hence, consumers need to be conscious about sharing vital information, as it is likely to be misused.

Gowda strongly recommends that the Indian government introduce a concept that has been followed by the US, which launched the Center for Ethical Social Legal Dimension of Human Security to handle data protection issues.

"With the fourth generation coming after the GenY, their new ideas and engagement models and new perspectives of communicating will roll out huge data, and there should be laws to establish privacy of these," asserts Gowda.

To help the government establish a robust policy for cybersecurity and privacy, the leaders recommend a strong social media platform where the government can seek comments/feedback from all the stakeholders on required clauses as part of the privacy bill.

"Policy makers need to take into account new technological advancements, cybersecurity challenges, new forms of frauds and the new forms of data collection methods before prescribing a dynamic policy legislation that is futuristic," argues Gupta.

About the Author

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.
